Privacy & AI Compliance Specialist

Bloomreach is building the world’s premieragentic platform for personalization.We’re revolutionizing how businesses connect with their customers, building and deploying AI agents to personalize theentirecustomer journey. We're takingautonomous searchmainstream, making product discovery more intuitive and conversational for customers, and more profitable for businesses.We’re makingconversational shoppinga reality, connecting every shopper with tailored guidance and product expertise — available on demand, at every touchpoint in their journey.We're deg the future ofautonomous marketing, taking the work out of workflows, and reclaiming the creative, strategic, and customer-first work marketers were always meant to do. We're takingautonomous searchmainstream, making product discovery more intuitive and conversational for customers, and more profitable for businesses. We’re makingconversational shoppinga reality, connecting every shopper with tailored guidance and product expertise — available on demand, at every touchpoint in their journey. We're deg the future ofautonomous marketing, taking the work out of workflows, and reclaiming the creative, strategic, and customer-first work marketers were always meant to do. And we're building all of that on the intelligence of a single AI engine —Loomi AI— so that personalization isn't only autonomous…it's also consistent.From retail to financial services, hospitality to gaming, businesses use Bloomreach to drive higher growth and lasting loyalty. We power personalization for more than 1,400 global brands, including American Eagle, Sonepar, and Pandora. & AI Compliance Specialist The Role We’re looking for a legally grounded, detail-oriented & AI Compliance Specialistto join our Legal team. This role is designed for a hands-on subject matter expert who enjoys applying and AI compliance requirements in real-world, product-driven environments. You’ll work closely with internal stakeholders to ensure Bloomreach’s products, vendor relationships, and internal processes meet applicable and AI regulatory obligations—while remaining practical, scalable, and business-aligned. What You’ll Do Embed into product developmentPartner with product and engineering teams to assess new features and roadmaps for and AI-related riskSupport -by-design and responsible AI principles from ideation through launchAdvise on global and AI complianceProvide practical guidance on, UK, CCPA, and other global data protection frameworksSupport compliance with emerging AI regulations, including the EU AI Act and evolving U.S. AI lawsOversee vendors and third partiesConduct and AI compliance assessments for vendors, particularly those handling sensitive data or AI-driven systemsIdentify risks, recommend mitigation strategies, and support accountability across third-party relationshipsSupport audits and governance programsMaintain data maps and Records of Processing Activities (RoPAs) using data mapping toolsAssist with internal and external audits, including documentation, evidence collection, and audit readinessSupport incident response and ongoing governance initiativesSupport data subject rights and requestsAssist with intake, assessment, and response to data subject requests (e.g., access, deletion, objection) in accordance with and other applicable lawsCoordinate with internal stakeholders to ensure accurate, timely, and compliant responsesMonitor regulatory developmentsStay current on changes in and AI regulations and enforcement trendsAssess impacts on Bloomreach products and operations and communicate actionable recommendations to stakeholdersCollaborate cross-functionallyWork closely with legal, compliance, security, product, marketing, and engineering teamsTranslate complex legal and technical requirements into pragmatic, business-aligned solutions Embed into product developmentPartner with product and engineering teams to assess new features and roadmaps for and AI-related riskSupport -by-design and responsible AI principles from ideation through launch Partner with product and engineering teams to assess new features and roadmaps for and AI-related riskSupport -by-design and responsible AI principles from ideation through launch Partner with product and engineering teams to assess new features and roadmaps for and AI-related risk Support -by-design and responsible AI principles from ideation through launch Advise on global and AI complianceProvide practical guidance on, UK, CCPA, and other global data protection frameworksSupport compliance with emerging AI regulations, including the EU AI Act and evolving U.S. AI laws Provide practical guidance on, UK, CCPA, and other global data protection frameworksSupport compliance with emerging AI regulations, including the EU AI Act and evolving U.S. AI laws Provide practical guidance on, UK, CCPA, and other global data protection frameworks Support compliance with emerging AI regulations, including the EU AI Act and evolving U.S. AI laws Oversee vendors and third partiesConduct and AI compliance assessments for vendors, particularly those handling sensitive data or AI-driven systemsIdentify risks, recommend mitigation strategies, and support accountability across third-party relationships Conduct and AI compliance assessments for vendors, particularly those handling sensitive data or AI-driven systemsIdentify risks, recommend mitigation strategies, and support accountability across third-party relationships Conduct and AI compliance assessments for vendors, particularly those handling sensitive data or AI-driven systems Identify risks, recommend mitigation strategies, and support accountability across third-party relationships Support audits and governance programsMaintain data maps and Records of Processing Activities (RoPAs) using data mapping toolsAssist with internal and external audits, including documentation, evidence collection, and audit readinessSupport incident response and ongoing governance initiatives Maintain data maps and Records of Processing Activities (RoPAs) using data mapping toolsAssist with internal and external audits, including documentation, evidence collection, and audit readinessSupport incident response and ongoing governance initiatives Maintain data maps and Records of Processing Activities (RoPAs) using data mapping tools Assist with internal and external audits, including documentation, evidence collection, and audit readiness Support incident response and ongoing governance initiatives Support data subject rights and requestsAssist with intake, assessment, and response to data subject requests (e.g., access, deletion, objection) in accordance with and other applicable lawsCoordinate with internal stakeholders to ensure accurate, timely, and compliant responses Assist with intake, assessment, and response to data subject requests (e.g., access, deletion, objection) in accordance with and other applicable lawsCoordinate with internal stakeholders to ensure accurate, timely, and compliant responses Assist with intake, assessment, and response to data subject requests (e.g., access, deletion, objection) in accordance with and other applicable laws Coordinate with internal stakeholders to ensure accurate, timely, and compliant responses Monitor regulatory developmentsStay current on changes in and AI regulations and enforcement trendsAssess impacts on Bloomreach products and operations and communicate actionable recommendations to stakeholders Stay current on changes in and AI regulations and enforcement trendsAssess impacts on Bloomreach products and operations and communicate actionable recommendations to stakeholders Stay current on changes in and AI regulations and enforcement trends Assess impacts on Bloomreach products and operations and communicate actionable recommendations to stakeholders Collaborate cross-functionallyWork closely with legal, compliance, security, product, marketing, and engineering teamsTranslate complex legal and technical requirements into pragmatic, business-aligned solutions Work closely with legal, compliance, security, product, marketing, and engineering teamsTranslate complex legal and technical requirements into pragmatic, business-aligned solutions Work closely with legal, compliance, security, product, marketing, and engineering teams Translate complex legal and technical requirements into pragmatic, business-aligned solutions What You Bring Required 3+ years of experience in, data protection, or compliance roles, ideally within a SaaS, technology, or product-focused organizationStrong working knowledge of EU data protection laws, including and UK ; familiarity with global frameworks such as CCPA is a plusFamiliarity with the EU AI Act or other emerging AI regulatory frameworksAbility to interpret regulatory requirements and translate them into clear, actionable guidance for business and technical teamsStrong analytical and organizational skills, with a pragmatic, risk-based approach to complianceClear and precise written and verbal communication skills, comfortable engaging with both legal and non-legal stakeholdersExperience working cross-functionally in fast-paced, international environments 3+ years of experience in, data protection, or compliance roles, ideally within a SaaS, technology, or product-focused organization Strong working knowledge of EU data protection laws, including and UK ; familiarity with global frameworks such as CCPA is a plus Familiarity with the EU AI Act or other emerging AI regulatory frameworks Ability to interpret regulatory requirements and translate them into clear, actionable guidance for business and technical teams Strong analytical and organizational skills, with a pragmatic, risk-based approach to compliance Clear and precise written and verbal communication skills, comfortable engaging with both legal and non-legal stakeholders Experience working cross-functionally in fast-paced, international environments Nice to Have Practical experience supporting AI governance, algorithmic risk assessments, or responsible AI initiativesExperience using management or data mapping tools (e.g., RoPA maintenance)Experience supporting, compliance, or security auditsRelevant certifications such as CIPP/E, CIPM, or other IAPP credentials Practical experience supporting AI governance, algorithmic risk assessments, or responsible AI initiatives Experience using management or data mapping tools (e.g., RoPA maintenance) Experience supporting, compliance, or security audits Relevant certifications such as CIPP/E, CIPM, or other IAPP credentials Your Success at Bloomreach Within 30 days:You’ll gain a strong understanding of Bloomreach’s products, workflows, culture, and compliance toolsWithin 90 days:You’ll independently review product features and vendor integrations for and AI-related risksWithin 180 days:You’ll proactively drive improvements by scaling processes, enhancing data mapping, and strengthening our overall compliance posture Within 30 days:You’ll gain a strong understanding of Bloomreach’s products, workflows, culture, and compliance tools Within 90 days:You’ll independently review product features and vendor integrations for and AI-related risks Within 180 days:You’ll proactively drive improvements by scaling processes, enhancing data mapping, and strengthening our overall compliance posture Why You’ll Love Working at Bloomreach High-impact work:Help shape and AI compliance for a platform trusted by leading global enterprisesGrowth mindset:Access learning budgets, professional development programs, and a strong coaching cultureFreedom with responsibility:We value autonomy, ownership, and results—without unnecessary bureaucracyInclusive and flexible culture:Work remotely with Bloomreach hubs around the world, supported by a culture that prioritizes well-being and personal growth High-impact work:Help shape and AI compliance for a platform trusted by leading global enterprises Growth mindset:Access learning budgets, professional development programs, and a strong coaching culture Freedom with responsibility:We value autonomy, ownership, and results—without unnecessary bureaucracy Inclusive and flexible culture:Work remotely with Bloomreach hubs around the world, supported by a culture that prioritizes well-being and personal growth #Li-ho1 More things you'll like about Bloomreach: Culture: A great deal of freedom and trust. At Bloomreach we don’t clock in and out, and we have neither corporate rules nor long approval processes. This freedom goes hand in hand with responsibility. We are interested in results from day one.We have defined our5 valuesand the 10 underlying key behaviors that we strongly believe in. We can only succeed if everyone lives these behaviors day to day. We've embedded them in our processes like recruitment, onboarding, feedback, personal development, performance review and internal communication.We believe in flexible working hours to accommodate your working style.We work virtual-first with several Bloomreach Hubs available across three continents.We organize company events to experience the global spirit of the company and get excited about what's ahead.We encourage and support our employees to engage in volunteering activities - every Bloomreacher can take 5 paid days off to volunteer*.TheBloomreach Glassdoor pageelaborates on our stellar 4.4/5 rating. TheBloomreach Comparably pageCulture score is even higher at 4.9/5 A great deal of freedom and trust. At Bloomreach we don’t clock in and out, and we have neither corporate rules nor long approval processes. This freedom goes hand in hand with responsibility. We are interested in results from day one. We have defined our5 valuesand the 10 underlying key behaviors that we strongly believe in. We can only succeed if everyone lives these behaviors day to day. We've embedded them in our processes like recruitment, onboarding, feedback, personal development, performance review and internal communication. We believe in flexible working hours to accommodate your working style. We work virtual-first with several Bloomreach Hubs available across three continents. We organize company events to experience the global spirit of the company and get excited about what's ahead. We encourage and support our employees to engage in volunteering activities - every Bloomreacher can take 5 paid days off to volunteer*. TheBloomreach Glassdoor pageelaborates on our stellar 4.4/5 rating. TheBloomreach Comparably pageCulture score is even higher at 4.9/5 Personal Development: We have a People Development Program -- participating in personal development workshops on various topics run by experts from inside the company. We are continuously developing & updating competency maps for select functions.Our resident communication coachIvo Večeřais available to help navigate work-related communications & decision-making challenges.Our managers are strongly encouraged to participate in the Leader Development Program to develop in the areas we consider essential for any leader. The program includes regular comprehensive feedback, consultations with a coach and follow-up check-ins.Bloomreachers utilize the $1,500 professional education budget on an annual basis to purchase education products (books, courses, certifications, etc.) We have a People Development Program -- participating in personal development workshops on various topics run by experts from inside the company. We are continuously developing & updating competency maps for select functions. Our resident communication coachIvo Večeřais available to help navigate work-related communications & decision-making challenges.* Our managers are strongly encouraged to participate in the Leader Development Program to develop in the areas we consider essential for any leader. The program includes regular comprehensive feedback, consultations with a coach and follow-up check-ins. Bloomreachers utilize the $1,500 professional education budget on an annual basis to purchase education products (books, courses, certifications, etc.)* Well-being: The Employee Assistance Program -- with counselors -- is available for non-work-related challenges.Subscription to Calm - sleep and meditation app.We organize ‘DisConnect’ days where Bloomreachers globally enjoy one additional day off each quarter, allowing us to unwind together and focus on activities away from the screen with our loved ones.We facilitate sports, yoga, and meditation opportunities for each other.Extended parental leave up to 26 calendar weeks for Primary Caregivers. The Employee Assistance Program -- with counselors -- is available for non-work-related challenges. Subscription to Calm - sleep and meditation app.* We organize ‘DisConnect’ days where Bloomreachers globally enjoy one additional day off each quarter, allowing us to unwind together and focus on activities away from the screen with our loved ones. We facilitate sports, yoga, and meditation opportunities for each other. Extended parental leave up to 26 calendar weeks for Primary Caregivers.* Compensation: Restricted Stock Units or Stock Options are granted depending on a team member’s role, seniority, and location.Everyone gets to participate in the company's success through the company performance bonus.We offer an employee referral bonus of up to $3,000 paid out immediately after the new hire starts.We reward & celebrate work anniversaries -- Bloomversaries! Restricted Stock Units or Stock Options are granted depending on a team member’s role, seniority, and location. Everyone gets to participate in the company's success through the company performance bonus.* We offer an employee referral bonus of up to $3,000 paid out immediately after the new hire starts. We reward & celebrate work anniversaries -- Bloomversaries!* (*Subject to employment type. Interns are exempt from marked benefits, usually for the first 6 months.) Excited? Join us and transform the future of commerce experiences! If this position doesn't suit you, but you know someone who might be a great fit, share it - we will be very grateful! Any unsolicited resumes/candidate profiles submitted through our website or to personal email accounts of employees of Bloomreach are considered property of Bloomreach and are not subject to payment of agency fees. #LI-Remote